7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
11.7%
With MariaDB running on Windows, when local clients connect to the server
over named pipes, it’s possible for an unprivileged user with an ability to
run code on the server machine to intercept the named pipe connection and
act as a man-in-the-middle, gaining access to all the data passed between
the client and the server, and getting the ability to run SQL commands on
behalf of the connected user. This occurs because of an incorrect security
descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before
10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before
10.5.7. NOTE: this issue exists because certain details of the MariaDB
CVE-2019-2503 fix did not comprehensively address attack variants against
MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912
does NOT apply to other vendors that were originally affected by
CVE-2019-2503.
Author | Note |
---|---|
seth-arnold | This issue appears to be Windows-specific |
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
11.7%